Lab 2.5.1: Basic PPP Configuration Lab Stáhněte si úlohu 4e_02_5_1_ppp.pdf z http://skola.bernkopf.cz Odkaz Předměty – Cisco – Materiály – Úlohy Vypracujte podle připojených pokynů. Navíc do každého směrovače (router) a přepínače (switch) vložte hlášku, která se vypíše při každém přihlášení. Použijte příkaz banner login, hláška bude Vaše příjmení bez diakritiky, tj. například Pechacek místo Pecháček. Výsledný soubor pojmenujte „4e_02_5_1_ppp_Prijmeni.pkt“, kde Prijmeni je Vaše příjmení bez diakritiky. Soubor zašlete e-mailem do půlnoci neděle 23. února na adresu jaroslav@bernkopf.cz . Topology Diagram All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 9 CCNA Exploration Accessing the WAN: PPP Lab 2.5.1: Basic PPP Configuration Lab Addressing Table Interface IP Address Subnet Mask Default Gateway Fa0/1 192.168.10.1 255.255.255.0 N/A S0/0/0 10.1.1.1 255.255.255.252 N/A Lo0 209.165.200.225 255.255.255.224 N/A S0/0/0 10.1.1.2 255.255.255.252 N/A S0/0/1 10.2.2.1 255.255.255.252 N/A Fa0/1 192.168.30.1 255.255.255.0 N/A S0/0/1 10.2.2.2 255.255.255.252 N/A PC1 NIC 192.168.10.10 255.255.255.0 192.168.10.1 PC3 NIC 192.168.30.10 255.255.255.0 192.168.30.1 Device R1 R2 R3 Objectives Basic configuration tasks on a router. Configure and activate interfaces. Configure OSPF routing. Configure PPP encapsulation. Learn how to change the encapsulation on the serial interfaces from PPP to HDLC. Intentionally break and restore PPP encapsulation. Configure PPP PAP and CHAP authentication. Intentionally break and restore PPP PAP and CHAP authentication. Task 1: Prepare the Network Step 1: Cable the network. You can use any router as long as it has the required interfaces. Tady nám neřekli, s čím to dělali oni. Vyberte takový router, který bude mít stejné označení sériových rozhraní, např. 0/0/0. Step 2: Clear any existing configurations on the routers. Task 2: Perform Basic Router Configuration Configure the R1, R2, and R3 routers according to the following guidelines: Configure the router hostname. Disable DNS lookup. Configure an EXEC mode password. Configure a password for console connections. Configure synchronous logging. Configure a password for vty connections. All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 9 CCNA Exploration Accessing the WAN: PPP Lab 2.5.1: Basic PPP Configuration Lab Task 3: Configure and Activate Serial and Ethernet Addresses Step 1: Configure interfaces on R1, R2, and R3. Configure the interfaces on the routers with the given IP addresses. Include the clock rate on the serial DCE interfaces. Step 2: Verify IP addressing and interfaces. Use the show ip interface brief command to verify that the IP addressing is correct and that the interfaces are active. Save the running configuration to the NVRAM. Step 3: Configure the Ethernet interfaces of PC1 and PC3. Configure the Ethernet interfaces of PC1 and PC3 with the given IP addresses and default gateways. Step 4: Test the configuration by pinging the default gateway from the PC. Task 4: Configure OSPF on the Routers All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 9 CCNA Exploration Accessing the WAN: PPP Lab 2.5.1: Basic PPP Configuration Lab All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 9 CCNA Exploration Accessing the WAN: PPP Lab 2.5.1: Basic PPP Configuration Lab Step 1: Enable OSPF routing on R1, R2, and R3. Use the router ospf command with a process ID of 1. Be sure to advertise the networks. R1(config)#router ospf 1 R1(config-router)#network 192.168.10.0 0.0.0.255 area 0 R1(config-router)#network 10.1.1.0 0.0.0.3 area 0 R2(config)#router ospf 1 R2(config-router)#network 10.1.1.0 0.0.0.3 area 0 R2(config-router)#network 10.2.2.0 0.0.0.3 area 0 R2(config-router)#network 209.165.200.224 0.0.0.31 area 0 R3(config)#router ospf 1 R3(config-router)#network 10.2.2.0 0.0.0.3 area 0 R3(config-router)#network 192.168.30.0 0.0.0.255 area 0 Step 2: Verify that you have full network connectivity. Use the show ip route and ping commands to verify connectivity. Task 5: Configure PPP Encapsulation on Serial Interfaces Step 1: Use the show interface command to check whether HDLC is the default serial encapsulation. R1#show interface serial0/0/0 Serial0/0/0 is up, line protocol is up Hardware is GT96K Serial Internet address is 10.1.1.1/30 MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, loopback not set ... a stejně na rozhraních R2, R3. Step 2: Vynecháno Step 3: Change the encapsulation of the serial interfaces mezi R1 a R2 from HDLC to PPP. Hlavní rozdíly mezi HDLC a PPP PPP má ověřování totožnosti (authentication), HDLC ne. PPP není Cisco proprietary => funguje i na neCisco zařízeních. Change the encapsulation type on the link between R1 and R2, and observe the effects. R1(config)#interface serial 0/0/0 R1(config-if)#encapsulation ppp R2(config)#interface serial 0/0/0 R2(config-if)#encapsulation ppp What happens when one end of the serial link is encapsulated with PPP and the other end of the link is encapsulated with HDLC? Může to fungovat s HDLC na jedné straně, PPP na druhé? _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 9 CCNA Exploration Accessing the WAN: PPP Lab 2.5.1: Basic PPP Configuration Lab What happens when PPP encapsulation is configured on each end of the serial link? Co se stane, když dáme PPP na oba konce? _____________________________________________________________________ _____________________________________________________________________ Step 4: Vynecháno Step 5: Change the encapsulation from HDLC to PPP on both ends of the serial link between R2 and R3. When does the line protocol on the serial link come up and the OSPF adjacency is restored? Kdy linkový protokol ožije a sousedské vztahy protokolu OSPF se obnoví? _____________________________________________________________________ _____________________________________________________________________ Step 6: Verify that PPP is now the encapsulation on the serial interfaces. R1#show interface serial0/0/0 Serial0/0/0 is up, line protocol is up Hardware is GT96K Serial Internet address is 10.1.1.1/30 MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation PPP, LCP Open Open: CDPCP, IPCP, loopback not set ... stejně na ostatních rozhraních ostatních směrovačů. Task 6: Break and Restore PPP Encapsulation By intentionally breaking PPP encapsulation, you will learn about the error messages that are generated. Když si zkusíme, co to udělá, když to máme schválně špatně nastavené, nebudeme překvapeni, až to budeme mít špatně neschválně. Step 1: Return both serial interfaces on R2 to their default HDLC encapsulation. R2(config)#interface serial 0/0/0 R2(config-if)#encapsulation hdlc Why is it useful to intentionally break a configuration? Proč je užitečné schválně si to zkusit? _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ Why do both serial interfaces go down, come back up, and then go back down? Proč jdou sériová rozhraní dolů, znovu nahoru, a nakonec definitivně dolů? _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 6 of 9 CCNA Exploration Accessing the WAN: PPP Lab 2.5.1: Basic PPP Configuration Lab Can you think of another way to change the encapsulation of a serial interface from PPP to the default HDLC encapsulation other than using the encapsulation hdlc command? (Hint: It has to do with the no command.) Jak jinak by se dalo přejít z PPP na HDLC? (Bude tam nějaký no příkaz) _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ Protože HDLC je na zařízeních Cisco default, stačí jen zrušit PPP. Step 2: Return both serial interfaces on R2 to PPP encapsulation. R2(config)#interface s0/0/0 R2(config-if)#encapsulation ppp R2(config-if)#interface s0/0/1 R2(config-if)#encapsulation ppp Task 7: Configure PPP Authentication Step 1: Configure PPP PAP authentication on the serial link between R1 and R2. R1(config)#username R1 password cisco ;mluv jen s tím, kdo ti pošle tuto kombinaci R1(config)#int s0/0/0 R1(config-if)#ppp authentication pap R1(config-if)#ppp pap sent-username R2 password cisco ; a ty na druhou stranu posílej zase tuto kombinaci What happens when PPP PAP authentication is only configured on one end of the serial link? Co když ověřování nastavíme jen na jedné straně? _____________________________________________________________________ _____________________________________________________________________ R2(config)#username R2 password cisco R2(config)#interface Serial0/0/0 R2(config-if)#ppp authentication pap R2(config-if)#ppp pap sent-username R1 password cisco What happens when PPP PAP authentication is configured on both ends of the serial link? A co když to nastavíme správně na obou stranách? _____________________________________________________________________ _____________________________________________________________________ All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 7 of 9 CCNA Exploration Accessing the WAN: PPP Lab 2.5.1: Basic PPP Configuration Lab Step 2: Configure PPP CHAP authentication on the serial link between R2 and R3. In PAP authentication, the password is not encrypted. While this is certainly better than no authentication at all, it is still highly preferable to encrypt the password that is being sent across the link. CHAP encrypts the password. Na rozdíl od PAP (výše), ověřování CHAP šifruje heslo a proto je bezpečnější. R2(config)#username R3 password cisco R2(config)#int s0/0/1 R2(config-if)#ppp authentication chap R2(config-if)# R3(config)#username R2 password cisco *Aug 23 18:07:13.074: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to up R3(config)#int s0/0/1 R3(config-if)# *Aug 23 18:07:22.174: %OSPF-5-ADJCHG: Process 1, Nbr 209.165.200.225 on Serial0/0/1 from LOADING to FULL, Loading Done R3(config-if)#ppp authentication chap R3(config-if)# Notice that the line protocol on interface serial 0/0/1 changes state to UP even before the interface is configured for CHAP authentication. Can you guess why this is the case? Linkový protokol na serial 0/0/1 jde nahoru ještě předtím, než je to rozhraní konfigurováno pro CHAP. Proč? _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ Step 3: Vynecháno Task 8: Intentionally Break and Restore PPP CHAP Authentication Step 1: Break PPP CHAP authentication. On the serial link between R2 and R3, change the authentication protocol on interface serial 0/0/1 to PAP. R2(config)#int s0/0/1 R2(config-if)#ppp authentication pap R2(config-if)#^Z R2# R2#copy run start R2#reload Does changing the authentication protocol to PAP on interface serial 0/0/1 break authentication between R2 and R3? _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ Kdybychom nerestartovali, linkový protokol by zůstal up. Proč? All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 8 of 9 CCNA Exploration Accessing the WAN: PPP Lab 2.5.1: Basic PPP Configuration Lab Step 2: Restore PPP CHAP authentication on the serial link. Notice that it is not necessary to reload the router for this change to take effect. R2(config)#int s0/0/1 R2(config-if)#ppp authentication chap Step 3: Intentionally Break PPP CHAP authentication by changing the password on R3. R3(config)#username R2 password cisco R3(config)#^Z R3# R3#copy run start R3#reload After reloading, what is the status of the line protocol on serial 0/0/1? _____________________________________________________________________ _____________________________________________________________________ Step 4: Restore PPP CHAP authentication by changing the password on R3. R3(config)#username R2 password cisco R3(config)# All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 9 of 9